Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215062.roa
File:                     AS215062.roa (raw, json)
Hash identifier:          pclzMnQTnFP75NpHK8w7NzEsgN0dLT3OXVklfVYXWYQ=
Subject key identifier:   E0:98:21:AD:FC:FC:94:49:43:90:69:2C:64:1E:3A:19:94:58:4D:47
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       6153675BD0BE48A97D569D3BC37B730DFFBDB996
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215062.roa
Signing time:             Thu 23 May 2024 16:49:11 +0000
ROA not before:           Thu 23 May 2024 16:44:11 +0000
ROA not after:            Thu 22 May 2025 16:49:11 +0000
asID:                     215062
IP address blocks:        2a0f:85c1:3c7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:53:67:5b:d0:be:48:a9:7d:56:9d:3b:c3:7b:73:0d:ff:bd:b9:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:11 2024 GMT
            Not After : May 22 16:49:11 2025 GMT
        Subject: CN=E09821ADFCFC94494390692C641E3A1994584D47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:e7:32:84:2a:77:4d:40:ad:70:5e:c6:90:3d:
                    8a:37:8c:11:48:db:c7:a7:61:70:f3:a8:8c:1d:1a:
                    f5:cc:5c:3b:93:d0:7c:6b:27:e0:12:fc:5f:18:86:
                    81:f6:f4:cf:b1:de:13:d2:42:4c:76:d7:9d:ef:02:
                    e9:a7:ab:df:42:ec:bf:5b:d4:45:70:26:a7:a8:06:
                    e7:dc:10:f9:47:fd:70:4e:0e:01:43:80:70:a7:68:
                    26:2b:1f:69:90:68:28:c3:9e:d4:65:80:ef:06:27:
                    9a:5a:89:aa:b7:7f:21:07:83:14:53:d8:39:57:04:
                    5d:26:4e:56:bc:e4:22:a2:b3:02:26:95:29:a5:ce:
                    ec:ce:da:35:c2:48:17:3d:48:59:fa:7d:c9:87:e7:
                    0f:fe:8a:39:0f:13:b6:2b:98:65:7b:a3:71:df:06:
                    24:99:44:66:ff:a5:a3:d3:44:ce:7f:01:d7:35:2c:
                    48:53:70:a3:d7:52:03:c9:7e:32:27:cd:3f:ee:c1:
                    3e:e6:55:60:79:82:4f:3f:42:7c:fb:b4:29:da:b1:
                    2c:4f:c2:9c:63:49:c2:e7:e8:c4:77:30:37:39:8c:
                    08:12:9f:30:2f:8f:fe:8c:99:4d:2d:61:4c:34:94:
                    c0:22:fc:bb:a8:52:18:bd:d8:e3:b4:4f:ea:f2:09:
                    5d:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:98:21:AD:FC:FC:94:49:43:90:69:2C:64:1E:3A:19:94:58:4D:47
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS215062.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3c7::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:51:82:b9:ec:2b:b2:dc:f6:cc:93:db:bd:7e:03:7f:86:de:
         61:09:eb:3c:a8:74:c4:2a:6f:49:69:07:4d:7a:02:8b:0f:86:
         ab:2d:75:5a:8c:b8:ff:3c:65:1c:c4:ae:76:70:a0:b9:4f:26:
         ca:7a:5a:22:70:e0:b5:35:d1:de:90:b3:18:66:f5:f6:68:2b:
         40:86:1e:e8:10:af:d6:a9:1d:15:ce:ba:ab:34:2c:c6:20:02:
         13:4a:f7:2d:d7:6c:31:71:ad:9f:f8:3e:c6:57:67:19:5e:fa:
         70:a1:1c:e9:e2:14:89:41:b8:2c:5d:c7:96:27:18:ac:28:db:
         7c:1b:97:17:82:e5:72:e0:22:65:2d:ec:4c:32:9b:19:7b:aa:
         62:cf:5d:c2:a6:fb:c2:5b:a9:86:15:4b:08:3a:09:f4:65:2c:
         b3:ef:48:f4:47:72:f2:cb:8c:fd:f3:0c:95:e7:35:da:bd:fa:
         09:1e:b6:89:c9:0c:d1:91:f2:6e:e0:37:29:1e:b5:54:85:dc:
         07:5e:09:0b:87:18:73:4b:43:48:92:21:fd:61:ef:f8:1f:4c:
         e3:4f:64:31:a9:00:4e:66:99:e3:7a:cb:f7:29:a4:f7:43:63:
         91:25:9c:ca:0a:43:20:a4:e4:60:8a:70:d2:eb:de:42:89:ea:
         82:e0:70:6f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUYVNnW9C+SKl9Vp07w3tzDf+9uZYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTFaFw0yNTA1MjIxNjQ5MTFaMDMxMTAvBgNV
BAMTKEUwOTgyMUFERkNGQzk0NDk0MzkwNjkyQzY0MUUzQTE5OTQ1ODRENDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH5zKEKndNQK1wXsaQPYo3jBFI
28enYXDzqIwdGvXMXDuT0HxrJ+AS/F8YhoH29M+x3hPSQkx2153vAumnq99C7L9b
1EVwJqeoBufcEPlH/XBODgFDgHCnaCYrH2mQaCjDntRlgO8GJ5paiaq3fyEHgxRT
2DlXBF0mTla85CKiswImlSmlzuzO2jXCSBc9SFn6fcmH5w/+ijkPE7YrmGV7o3Hf
BiSZRGb/paPTRM5/Adc1LEhTcKPXUgPJfjInzT/uwT7mVWB5gk8/Qnz7tCnasSxP
wpxjScLn6MR3MDc5jAgSnzAvj/6MmU0tYUw0lMAi/LuoUhi92OO0T+ryCV0/AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU4Jghrfz8lElDkGksZB46GZRYTUcwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE1MDYyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQPHMA0GCSqGSIb3DQEBCwUAA4IBAQBQUYK57Cuy3PbMk9u9fgN/ht5hCes8qHTE
Km9JaQdNegKLD4arLXVajLj/PGUcxK52cKC5TybKeloicOC1NdHekLMYZvX2aCtA
hh7oEK/WqR0VzrqrNCzGIAITSvct12wxca2f+D7GV2cZXvpwoRzp4hSJQbgsXceW
JxisKNt8G5cXguVy4CJlLexMMpsZe6piz13CpvvCW6mGFUsIOgn0ZSyz70j0R3Ly
y4z98wyV5zXavfoJHraJyQzRkfJu4DcpHrVUhdwHXgkLhxhzS0NIkiH9Ye/4H0zj
T2QxqQBOZpnjesv3KaT3Q2ORJZzKCkMgpORginDS695CieqC4HBv
-----END CERTIFICATE-----